https://sourceware.org/bugzilla/show_bug.cgi?id=32664
Bug ID: 32664
Summary: ld buffer-overflow in _bfd_elf_strtab_offset (bfd/elf-strtab.c:292)
Product: binutils
Version: 2.45 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: swj22 at mails dot tsinghua.edu.cn
Target Milestone: ---

Created attachment 15934 --> https://sourceware.org/bugzilla/attachment.cgi?id=15934&action=edit
poc

**Description**

A segv can occur in ld when using the --compress-debug-sections option with a specially crafted input file. This issue leads to a buffer-overflow.

**Affected Version**

GNU ld (GNU Binutils) 2.45 (HEAD), commit 66e701c09229d389f4046fddae586278fe3e014f

**Steps to Reproduce**

1. Build binutils 2.45 (HEAD), commit 66e701c09229d389f4046fddae586278fe3e014f, with AddressSanitizer (e.g., CFLAGS="-g -fsanitize=address" ./configure && make -j).
2. Run the following command:

```
/tmp/binutils-gdb/bins/bin/ld --compress-debug-sections zlib-gabi /tmp/poc
/tmp/binutils-gdb/bins/bin/ld: warning: cannot find entry symbol _start; defaulting to 0000000000401000
/tmp/binutils-gdb/bins/bin/ld: BFD (GNU Binutils) 2.44.50.20250208 assertion fail elf-strtab.c:290
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1298545==ERROR: AddressSanitizer: SEGV on unknown address 0x615800000a78 (pc 0x55b5de694b0f bp 0x7ffddcd8ba10 sp 0x7ffddcd8b980 T0)
==1298545==The signal is caused by a READ memory access.
    #0 0x55b5de694b0f in _bfd_elf_strtab_offset /tmp/binutils-gdb/bfd/elf-strtab.c:292:11
    #1 0x55b5de5bd5b1 in _bfd_elf_write_object_contents /tmp/binutils-gdb/bfd/elf.c:7162:6
    #2 0x55b5de4d7a16 in bfd_close /tmp/binutils-gdb/bfd/opncls.c:865:11
    #3 0x55b5de421bdd in main /tmp/binutils-gdb/ld/./ldmain.c:600:12
    #4 0x7f7bb075a082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x55b5de2f3e6d in _start (/tmp/binutils-gdb/bins/bin/ld+0x385e6d) (BuildId: 10d4dd0ec0a37f5a)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/binutils-gdb/bfd/elf-strtab.c:292:11 in _bfd_elf_strtab_offset
==1298545==ABORTING
```

**Env**

Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal